SharePoint 2013 and ADFS 2.0 Test with Claims Viewer Web Part

Posted on August 21, 2013 by jasonth — 2 Comments

Overview

When using SAML Claims through ADFS 2.0 it’s useful to have a way to validate which claims are being returned. We came across a web part that leverages a “TokenVisualizer” control and provides an easy solution to view the contents of the SAML token. This is based on a blog post by Liam Cleary so be sure to visit it for additional details.

This article is part of a larger series that specifically chronicles our efforts to implement SharePoint 2013 using ADFS and an identity provider. Below is a list of other articles in the series:

Install

The following steps will outline how to deploy the solution which will automatically be activated at the farm level.

Download the WSP file from http://blog.helloitsliam.com/Presentations/Helloitsliam.ClaimsViewerWebPart.wsp
Copy the solution file to one of the servers in the SharePoint farm.
Logon to the server where the WSP file is located
Launch the “SharePoint 2013 Management Shell”
Navigate to the location of the WSP file (D:\Software\CodePlex\ClaimsViewer\ in this example)
Execute the following command
- Add-SPSolution –LiteralPath “D:\Software\CodePlex\ClaimsViewer\Helloitsliam.ClaimsViewerWebPart.wsp”
Verify solution was deployed by entering the “Get-SPSolution” cmdlet. The “Deployed” column should read “True” once the “helloitsliam.claims.viewerwebpart.wspt” is deployed.

Activate Feature

Each site in the “Portal” web application will have a Site Collection Feature called “ClaimsViewerWebPartFeature1” that will need to be activated before the web part will be available.

Navigate to a site that you want to place the claims viewer web part on with an account that is a “Site Collection Administrator”. In this example I’ll use the https://portal.2008r2.local .
Click on the gear icon in the upper right hand corner and select the “Site Settings” option
Navigate to the “Site Collection Administration” section and click on the “Site collection features” link
Click the “Activate” button next to the “ClaimsViewerWebPartFeature1” entry

Add Web Part to Page

Now that the feature is activated it can be added to a page in the site. This can be on any page, and for the purpose of this article will place the web part on the main landing page.

Click the “Page” tab on the ribbon bar
Click the “Edit” button on the ribbon bar
Click the “Insert” tab on the ribbon bar
Click the “WebPart” button on the ribbon bar
In the “Categories” section click on the “Custom” folder
In the “Parts” section select the “ClaimsViewerWebPart – ClaimsVisualizer” entry and then click the “Add” button
The web part is now added to the page. Click “Save” in the ribbon bar to commit the change.

Test Claims Viewer Web Part

The web part should now be displayed on the https://portal.2008r2.local site in the collapsed form. Click the + icon to expand the web part and view the contents of the SAML token for the logged on user:

The display will be divided into two sections, “Issued Identity” and “SAML Token”. In the “Issued Identity” section the “namedidentifier” should display the logged on users email address. There will also be several “Role” entries listed that the logged on user is a member of. The “emailaddress” and “role” claim entries are the values that can be used to assign permissions to objects on the site for that user.

Tagged with: ADFS, SharePoint 2013, Troubleshoooting
Posted in SAML Claims, SharePoint 2013, Troubleshooting

2 comments on “SharePoint 2013 and ADFS 2.0 Test with Claims Viewer Web Part”

Dana Ellis says:

March 24, 2015 at 11:29 am

Can this be used with Sharepoint 2010? I have deployed it but when trying to add it to the page I am getting error that the web part is not registered as safe, I checked my web config and the safe control is there as True and also checked the GAC and it is registered there as safe as well.

Reply
Ameni KHALFAOUI says:

May 30, 2016 at 2:44 am

wsp link doesn’t work, could you please put a new one ? thank you

Reply